A new release of the Ubuntu Cloud Images for stable Ubuntu release 20.04 LTS (Focal Fossa) is available at [1]. These new images supersede the existing images [2]. Images are available for download or immediate use on EC2 via published AMI IDs. Users who wish to update their existing installations can do so with:

  'sudo apt-get update && sudo apt-get dist-upgrade && sudo reboot'

The following packages have been updated. Please see the full changelogs for a complete listing of changes:

 * grub2-signed: 1.173.2~20.04.1+2.04-1ubuntu47.4 => 1.173.4+2.04-1ubuntu47.5
 * grub2-unsigned: 2.04-1ubuntu47.4 => 2.04-1ubuntu47.5
 * grub2: 2.04-1ubuntu26.15 => 2.04-1ubuntu26.16

The following is a complete changelog for this image.

new: {}
removed: {}
changed: ['grub-common', 'grub-efi-amd64-bin', 'grub-efi-amd64-signed', 'grub-pc', 'grub-pc-bin', 'grub2-common']

new snaps: {}
removed snaps: {}
changed snaps: ['snapd']

==== grub2: 2.04-1ubuntu26.15 => 2.04-1ubuntu26.16 ====
==== grub-common grub-pc grub-pc-bin grub2-common

  * grub-multi-install: Reset partition type between partitions (LP: #1997795)

==== grub2-signed: 1.173.2~20.04.1+2.04-1ubuntu47.4 => 1.173.4+2.04-1ubuntu47.5 ====
==== grub-efi-amd64-signed

  * Source debconf in postinst script (LP: #1997779)
  * Enforce build against 2.04-1ubuntu47.5
  * Rebuild against grub2 2.04-1ubuntu47.5 (LP: #1996950)
  * Bump grub2-common dependency to 2.02~beta2-36ubuntu3.33 in xenial and 2.02-2ubuntu8.25 in bionic to fix LP: #1995751

==== grub2-unsigned: 2.04-1ubuntu47.4 => 2.04-1ubuntu47.5 ====
==== grub-efi-amd64-bin

  [ Chris Coulson ]
  * SECURITY UPDATE: Fix out of bounds writes due to specially crafted fonts.
    - add debian/patches/font-Fix-several-integer-overflows-in-grub_font_construct.patch
    - add debian/patches/font-Fix-an-integer-underflow-in-blit_comb.patch
    - CVE-2022-2601, CVE-2022-3775
    - LP: #1996950
  * Fix various issues as a result of fuzzing, static analysis and code review:
    - add debian/patches/font-Reject-glyphs-exceeds-font-max_glyph_width-or-font-m.patch
    - add debian/patches/font-Fix-size-overflow-in-grub_font_get_glyph_internal.patch
    - add debian/patchces/font-Remove-grub_font_dup_glyph.patch
    - add debian/patches/font-Fix-integer-overflow-in-ensure_comb_space.patch
    - add debian/patches/font-Fix-integer-overflow-in-BMP-index.patch
    - add debian/patches/font-Fix-integer-underflow-in-binary-search-of-char-index.patch
    - add debian/patches/fbutil-Fix-integer-overflow.patch
    - add debian/patches/font-Harden-grub_font_blit_glyph-and-grub_font_blit_glyph.patch
    - add debian/patches/font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch
    - add debian/patches/normal-charset-Fix-an-integer-overflow-in-grub_unicode_ag.patch
  * Forbid loading of external fonts when secure boot is enabled:
    - add debian/patches/font-Forbid-loading-of-font-files-when-secure-boot-is-ena.patch
  * Bundle unicode.pf2 in a squashfs memdisk attached to the signed EFI binary
    - update debian/control
    - update debian/build-efi-image
    - add debian/patches/font-Try-opening-fonts-from-the-bundled-memdisk.patch
  * Fix the squashfs tests during the build
    - remove debian/patches/ubuntu-fix-reproducible-squashfs-test.patch
    - add debian/patches/tests-Explicitly-unset-SOURCE_DATE_EPOCH-before-running-f.patch
  * Bump SBAT generation:
    - update debian/sbat.ubuntu.csv.in
  * Make grub-efi-{amd64,arm64} depend on grub2-common 2.02~beta2-36ubuntu3.33 in xenial and 2.02-2ubuntu8.25 in bionic to fix LP: #1995751 (thanks Julian Klode for the base-files hack to make a single binary be able to depend on 2 different versions of the same package)

  [ dann frazier ]
  * linuxefi: Invalidate i-cache before starting the kernel (LP: #1987924)
    - d/p/linuxefi-Invalidate-i-cache-before-starting-the-kern.patch

--
[1] http://cloud-images.ubuntu.com/releases/focal/release-20230111/
[2] http://cloud-images.ubuntu.com/releases/focal/release-20230107/